Revision as of 08:47, 10 January 2016

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:

Evaluate an organization’s existing software security practices

Build a balanced software security assurance program in well-defined iterations

Demonstrate concrete improvements to a security assurance program

Define and measure security-related activities throughout an organization

Pravir Chandra - first presentation discussing the next generation of the CLASP Project: a complete working-out of the details into a Software Assurance Maturity Model (SAMM). (download presentation) - 2009

The foundation of the model is built upon the core business functions of software development, with security practices tied to each (see diagram below). The building blocks of the model are the three maturity levels defined for each of the twelve security practices. These define a wide variety of activities in which an organization could engage to reduce security risks and increase software assurance. Additional details are included to measure successful activity performance, understand the associated assurance benefits, and estimate personnel and other costs.

Click on any badge to learn more

Strategy & Metrics

Policy & Compliance

Education & Guidance

Threat Assessment

Security Requirements

Secure Architecture

Design Review

Code Review

Security Testing

Vulnerability Management

Environment Hardening

Operational Enablement

SAMM is available in the following languages:

English

Spanish

Japanese

German

You can use Crowdin to help improve these translations or add new ones right now!